Popular Products
Latest Products
Recommended Services
Computing
Storage
Backup
Network&CDN
Security
Database
Big Data Computing
Big Data Search and Analysis
Big Data Application
Big Data Solutions
Domain Name and Website
Platform
Communications
Intelligent Management
Office Automation
Auto Service
Management & Monitoring
Middleware
IT Management & Tools
Enterprise Service Solutions
Hybrid Cloud Solutions
Big Data Solutions
AI Solutions
Security Solutions
Private Cloud Solutions
Financial Solutions
Smart City Solutions
Medical Solutions
【漏洞详情】
微软于本周发布了2022年8月安全补丁,微软共发布了121个漏洞的补丁程序,其中Microsoft Exchange Server、SMB Client and Server等产品中的17个漏洞被微软官方标记为Critical。
Critical漏洞清单如下:
| 序号 | CVE 编号 | CVE 标题 | 严重程度 |
| 1 | CVE-2022-30133 | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | Critical |
| 2 | CVE-2022-35744 | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | Critical |
| 3 | CVE-2022-34691 | Active Directory Domain Services Elevation of Privilege Vulnerability | Critical |
| 4 | CVE-2022-33646 | Azure Batch Node Agent Remote Code Execution Vulnerability | Critical |
| 5 | CVE-2022-21980 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
| 6 | CVE-2022-24477 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
| 7 | CVE-2022-24516 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
| 8 | CVE-2022-35752 | RAS Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| 9 | CVE-2022-35753 | RAS Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| 10 | CVE-2022-35804 | SMB Client and Server Remote Code Execution Vulnerability | Critical |
| 11 | CVE-2022-34696 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| 12 | CVE-2022-34702 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| 13 | CVE-2022-34714 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| 14 | CVE-2022-35745 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| 15 | CVE-2022-35766 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| 16 | CVE-2022-35767 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| 17 | CVE-2022-35794 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
【风险评级】
高危
【影响范围】
l Windows系统及相关产品
【修复建议】
建议受影响的用户结合实际业务评估漏洞风险影响,可通过如下方案避免安全风险:
修复方法:打开 Windows Update 更新功能,点击“检查更新”按钮,依据业务需求下载安装相关安全补丁,安装完毕后重启系统,并检查系统运行情况。
【参考链接】
https://msrc.microsoft.com/update-guide/releaseNote/2022-Aug
特别提醒:修复漏洞前请进行充分测试,并务必做好数据备份和快照,防止出现意外。
平安云
2022年8月11日
